Reduce the False Positive and False Negative from Real Traffic with Intrusion Detection

ABSTRACT - In a typical network, the traffic through the network is heterogeneous and consists of flows frommultiple applications and utilities. Considering today threats in network there is yet not a single solution tosolve all the issues because the traditional methods of port-based and payload-based with machine learningalgorithm suffers from dynamic ports and encrypted application. Many international network equipmentmanufactures like cisco, juniper also working to reduce these issues in the hardware side. Here this paperpresents a new approach considering the idea of service-based. This method is, in some sense, orthogonal tocurrent approaches and it can be used as an efficient complement to existing methods to reduce computationand memory requirements. Experimental results on real traffic confirm that this method is extremely effectiveand may improve considerably the accuracy of traffic classification, while it is suitable to a large number ofapplications. Finally, it is also possible to adopt a service database built offline, possibly provided by a thirdparty and modeled after the signature database of antivirus programs, which in term reduce the work oftraining procedure and over fitting of parameters in case of parametric classifier of supervised trafficclassification.Index terms – network operations, security, traffic classification.